Syrian Electronic Army seen as 'nuisance,' not a serious cyberthreat

The Syrian Electronic Army claims credit via Twitter for cyberattacks on the New York Times and Huffington Post websites Tuesday.

By Robert Windrem, Investigative Reporter, NBC News

The Syrian Electronic Army, the hacking group that claims it shut down Twitter, the Huffington Post and The New York Times three days ago, is threatening in an interview to launch additional cyberattacks on U.S. government agencies if the Obama administration launches a military strike against Syria.

But despite these and other high-profile attacks, the U.S. government isn't too concerned with the threat by the group, which reportedly is run by a group of 20-something Syrian computer students. While the SEA may continue to inconvenience Internet users, U.S. officials say, it doesn't have the capacity to cause the type of serious damage that cyberforces in countries like China and Russia are believed to be capable of inflicting.

"The Syrian Electronic Army is a murky, underground group that has made a name for itself by plastering pro-regime propaganda across some of the Internet's most-trafficked sites," said a U.S. official, speaking on background. "It's clearly a nuisance, but its tactics aren't all that sophisticated."

The SEA — which is believed to operate with the assent of Bashar al-Assad's government, if not its direct support — issued its threat against the U.S. government in an interview published Tuesday by nowthisnews.com, which said it conducted the question-and-answer session via email.

The SEA had been involved in a number of high-profile cyberattacks even before this week, claiming to have hacked the websites or Twitter accounts of The Associated Press, The Washington Post, NPR, CBS, Reuters, Al Jazeera and others. The most high-profile hack was of AP in April, when it gained access to the news service's Twitter account and falsely reported that there had been an explosion at the White House.

But cybersecurity experts say the technology used in those attacks isn't very sophisticated. Most of its attacks, including the one on the Times, have used fairly rudimentary "spearphishing" tactics, which involve concocting virus-laden emails to trick unsuspecting users into handing over their online credentials, permitting wider attacks.

"There is nothing sophisticated about spearphishing," said Roger Cressey, a former White House cybersecurity official and now an NBC News consultant. "It is a technique used by a range of actors, from state actors all the way down to activist groups. The fact that it works is a flaw in security training and awareness."

Bottom line, say the experts, there are no reports of the SEA's destroying anything. At worst, it has managed only to temporarily deface some websites — including some run by Syrian insurgents — with pro-regime propaganda.

There are connections between the Syrian government and the SEA, but experts say it's unclear whether the two work directly together.

The U.S. official who briefed NBC News said the hacking group appears to set its own targets.

"While the regime probably welcomes its efforts, Damascus isn't necessarily calling the shots," said the official.

Helmi Noman, a senior researcher at the University of Toronto who has tracked the SEA virtually from its first posts in 2011, said Internet registration records show the group was set up by the Syrian Computer Society, whose former presidents include Assad, Syria's president, and his late brother Bassel. But he has been unable to find proof that Syrian security services are behind the attacks.

"Although there are some intriguing connections between the Syrian government and the groups involved in these attacks, we could not find credible evidence that links the two directly beyond the tacit support that would be required for such a group to operate on Syrian networks," he said.

Noman wrote in 2011 that the SEA's website was set up on May 5 of that year and that the group first identified itself as "a group of young people who love their country and have decided to fight back electronically against those who have attacked Syrian websites and those who are hostile to Syria." Its "about" statement initially stated that it wasn't "an official entity," but that reference was later removed, Noman wrote.

The group's debut coincided with the first protests against the Assad regime in Deraa, which brought the Arab Spring to Syria.

"Apparently, they did this for fear of legal consequences and repercussions, given that the SEA activities shifted to more questionable attacks," he said. "The Syrian government itself stopped hosting the SEA website in June 2013, apparently for the same reason. I think that is why the SEA moved to servers based in Russia then."

Now, he said, the clearest indication that the Syrian Electronic Army continues to enjoy the support of the Assad regime is the fact that it continues to distribute its cyber-graffiti.

It is "close enough to the Syrian regime to be able to operate freely in a country with a regime that is known for its restrictive legal and technical measures," he said.